Learning to look for exploits during manual enumeration, plus a really interesting privilege escalation based on badly configured permissions and cron jobs!
Hack The Box: SwagShop write-up
Really cool box that chains together two different exploits for the Magento CMS followed by a really simple yet amusing way of privilege escalation with vi!
Hack The Box: Luke write-up
Interesting machine focused on enumeration; it also shows how to get JWT tokens. Credentials are the key!
Modular matrices - HarekazeCTF 2019
In this blog post I’ll be explaining how to find the inverse of a modular matrix as I solve one of the crypto challenges from HarekazeCTF 2019. Definitely for those who like math!
AES 128 Padding Attack - CSACTF Crypto: Flag server
Is it a blind SQL injection? Although my Python script's output looks like one, it is not. Interesting write-up of a padding attack on AES 128; crypto can be fun!
Hack The Box: FriendZone write-up
Really good machine to learn about DNS; it also includes LFI and Python library poisoning! One of my best ones so far!
Hack The Box: Help write-up
File upload that leads to user and then kernel exploit. Too easy, right?
Hack The Box: Chaos write-up
It was indeed chaos: from WordPress and PDF exploitation with LaTeX to connecting to email servers and a shell escape. Want to know more?
Hack The Box: Curling write-up
Easy machine, but did you know that Curl had a configuration flag?
X-MAS CTF: Santa's No Password Login System
Blind SQL injection in the user-agent field? Nobody expected that…